An Anonymous Authentication System for Pay-As-You-Go Cloud Computing*
IEEE Transactions on Dependable and Secure Computing
Cloud computing offers on-demand availability of computing resources over the Internet. To attract users, cloud providers offer their resources as services at reasonable prices and provide various price models to reflect higher level of quality of service (QoS), which are referred as pricing schemes. kk-times anonymous authentication (kk-TAA) is an attractive approach to construct pricing schemes, providing access controllability, user anonymity and public traceability. In kk-TAA schemes, authenticated users are permitted to anonymously access services from a provider at most kk times, while the ones whose the number of access times exceeds kk can be publicly traced. That is, kk-TAA schemes offer a prepaid plan that charges users based on the amount of access times. Alternatively, pay-as-you-go (PAYG) is a pricing strategy that allows users to be charged based on the amount of usage, reducing the costs on unnecessary resources. Adopting kk-TAA schemes to PAYG model, the access bound kk is decided by the prepayment amount and the service usage is tracked by the number of access times. However, this approach is impractical, since existing kk-TAA schemes only allow an one-time access in an authentication. This article aims to bridge this gap in the literature by designing an efficient and secure authentication system for PAYG cloud computing, supporting flexible access controllability, user anonymity and public traceability. To achieve this, we propose a new kk-TAA primitive, called kk-times anonymous pay-as-you-go authentication (kk-TAA-PAYG), that allows users to access services for multiple times in an authentication as long as the number of their access times does not exceed kk. We first formalize the definition and security model for kk-TAA-PAYG scheme. Subsequently, we present a concrete construction of kk-TAA-PAYG scheme, with the computational complexity as O(1)O(1) and the constant communicational cost. Finally, comparing with the most efficient kk-TAA scheme proposed by Emura et al., the experimental results show that our kk-TAA-PAYG scheme is 2.5 to 3 times faster and saves up to 66 percent storage in grant processes. The time cost of an authentication of our kk-TAA-PAYG scheme is constant (1.4-2.4 ms), while Emura et al.'s scheme needs more than one second when the number of access time is greater than 1, 000.
Open Access Status
This publication is not available as open access